Export (0) Print
Expand All

RegistryPermission Class

Controls the ability to access registry variables. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public sealed class RegistryPermission : CodeAccessPermission, IUnrestrictedPermission
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission
SerializableAttribute 
ComVisibleAttribute(true) 
public final class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission
Not applicable.

RegistryPermission describes protected operations on registry variables. Registry variables should not be stored in memory locations where code without RegistryPermission can access them. If the registry object is passed to an untrusted caller it can be misused.

The allowed registry access types are defined by RegistryPermissionAccess. If more than one type of access is desired, they can be combined using the bitwise OR operation as shown in the code sample that follows.

Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical pathnames. Key access implies access to all values it contains and all variables under it.

Caution noteCaution:

RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see "Canonicalization Problems Using Deny" in Using the Deny Method.

In the following code example, the RegistryPermissionf represents permission to read the values from the CentralProcessor key. Read and Write are RegistryPermissionAccess enumeration values.

RegistryPermission f = new RegistryPermission(
RegistryPermissionAccess.Read, 
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");

RegistryPermission f =  
    new RegistryPermission(RegistryPermissionAccess.Read,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\"
        + "System\\CentralProcessor\\0");

The following code example adds permission to read from and write to the FloatingPointProcessor key to the RegistryPermissionf.

f.AddPathList(
RegistryPermissionAccess.Write | RegistryPermissionAccess.Read,
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");

f.AddPathList(RegistryPermissionAccess.Write |
    RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\"
    + "DESCRIPTION\\System\\FloatingPointProcessor\\0");

The RegistryPermissionf now represents the permission to read from the CentralProcessor key and to read from and write to the FloatingPointProcessor key.

The following code example shows the behavior of the RegistryPermission class methods.

NoteNote:

The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

// This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml
// GetPathList, AddPathList, and SetPathList methods
// of the RegistryPermission class.


using System;
using System.Security;
using System.Security.Permissions;
using System.Collections;

[assembly: CLSCompliant(true)]

public class RegistryPermissionDemo
{
    RegistryPermission readPerm1 = new RegistryPermission(RegistryPermissionAccess.Read,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    RegistryPermission readPerm2 = new RegistryPermission(RegistryPermissionAccess.Read,
       "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
    RegistryPermission readPerm3 = new RegistryPermission(RegistryPermissionAccess.Read,
    "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
    RegistryPermission createPerm1 = new RegistryPermission(RegistryPermissionAccess.Create,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    IPermission readPerm4;

    // IsSubsetOf determines whether the current permission is a subset of the specified permission.
    private bool IsSubsetOfDemo()
    {

        bool returnValue = true;

        if (readPerm1.IsSubsetOf(readPerm2))
        {

            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        else
        {
            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is not a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        if (createPerm1.IsSubsetOf(readPerm1))
        {

            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }
        else
        {
            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is not a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }

        return returnValue;
    }
    // Union creates a new permission that is the union of the current permission and
    // the specified permission.
    private bool UnionDemo()
    {

        bool returnValue = true;
        readPerm3 = (RegistryPermission)readPerm1.Union(readPerm2);

        if (readPerm3 == null)
        {
            Console.WriteLine("The union of \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read) + " \nand "
                + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null.");
        }
        else
        {
            Console.WriteLine("The union of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }

        return returnValue;

    }
    // Intersect creates and returns a new permission that is the intersection of the
    // current permission and the permission specified.
    private bool IntersectDemo()
    {

        bool returnValue = true;

        readPerm3 = (RegistryPermission)readPerm1.Intersect(readPerm2);
        if (readPerm3 != null && readPerm3.GetPathList(RegistryPermissionAccess.Read) != null)
        {

            Console.WriteLine("The intersection of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }
        else
        {
            Console.WriteLine("The intersection of \n" + readPerm2.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null. ");
        }

        return returnValue;

    }
    //Copy creates and returns an identical copy of the current permission.
    private bool CopyDemo()
    {

        bool returnValue = true;
        readPerm4 = (RegistryPermission)readPerm1.Copy();
        if (readPerm4 != null)
        {
            Console.WriteLine("Result of copy = " + readPerm4.ToString() + "\n");
        }
        else
        {
            Console.WriteLine("Result of copy is null. \n");
        }
        return returnValue;
    }
    // ToXml creates an XML encoding of the permission and its current state; FromXml
    // reconstructs a permission with the specified state from the XML encoding.
    private bool ToFromXmlDemo()
    {

        bool returnValue = true;
        readPerm2 = new RegistryPermission(PermissionState.None);
        readPerm2.FromXml(readPerm1.ToXml());
        Console.WriteLine("Result of ToFromXml = " + readPerm2.ToString() + "\n");

        return returnValue;

    }
    // AddPathList adds access for the specified registry variables to the existing state of the permission.
    // SetPathList sets new access for the specified registry variable names to the existing state of the permission.
    // GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess.
    private bool SetGetPathListDemo()
    {
        try
        {
            Console.WriteLine("********************************************************\n");

            RegistryPermission readPerm1;
            Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1 = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION' to the write access list, "
                + "and \n 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0' "
                + "to the read access list.");
            readPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
            readPerm1.AddPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
            Console.WriteLine("Read access list before SetPathList = " +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Setting read access rights to \n'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1.SetPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Read access list after SetPathList = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Write access = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Write));
            Console.WriteLine("Write access Registry variables = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.AllAccess));
        }
        catch (ArgumentException e)
        {
            // RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList.
            Console.WriteLine("An ArgumentException occured as a result of using AllAccess. "
                + "AllAccess cannot be used as a parameter in GetPathList because it represents more than one "
                + "type of registry variable access : \n" + e);
        }

        return true;
    }
    // Invoke all demos.
    public bool RunDemo()
    {

        bool ret = true;
        bool retTmp;
        // Call IsSubset demo.
        if (retTmp = IsSubsetOfDemo()) Console.Out.WriteLine("IsSubset demo completed successfully.");
        else Console.Out.WriteLine("IsSubset demo failed.");
        ret = retTmp && ret;

        // Call the Union demo.
        if (retTmp = UnionDemo()) Console.Out.WriteLine("Union demo completed successfully.");
        else Console.Out.WriteLine("Union demo failed.");
        ret = retTmp && ret;

        // Call the intersect demo.
        if (retTmp = IntersectDemo()) Console.Out.WriteLine("Intersect demo completed successfully.");
        else Console.Out.WriteLine("Intersect demo failed.");
        ret = retTmp && ret;


        // Call the Copy demo.
        if (retTmp = CopyDemo()) Console.Out.WriteLine("Copy demo completed successfully.");
        else Console.Out.WriteLine("Copy demo failed.");
        ret = retTmp && ret;

        // Call the ToFromXml demo.
        if (retTmp = ToFromXmlDemo()) Console.Out.WriteLine("ToFromXml demo completed successfully.");
        else Console.Out.WriteLine("ToFromXml demo failed.");
        ret = retTmp && ret;

        // Call the GetPathList demo.
        if (retTmp = SetGetPathListDemo()) Console.Out.WriteLine("SetGetPathList demo completed successfully.");
        else Console.Out.WriteLine("SetGetPathList demo failed.");
        ret = retTmp && ret;

        return (ret);

    }
    // Test harness.
    public static void Main(String[] args)
    {
        try
        {
            RegistryPermissionDemo democase = new RegistryPermissionDemo();
            bool ret = democase.RunDemo();
            if (ret)
            {
                Console.Out.WriteLine("The RegisterPermission demo completed successfully.");
                Console.Out.WriteLine("Press the Enter key to exit.");
                string consoleInput = Console.ReadLine();
                System.Environment.ExitCode = 100;
            }
            else
            {
                Console.Out.WriteLine("The RegisterPermission demo failed");
                Console.Out.WriteLine("Press the Enter key to exit.");
                string consoleInput = Console.ReadLine();
                System.Environment.ExitCode = 101;
            }
        }
        catch (Exception e)
        {
            Console.Out.WriteLine("The RegisterPermission demo failed");
            Console.WriteLine(e.ToString());
            Console.Out.WriteLine("Press the Enter key to exit.");
            string consoleInput = Console.ReadLine();
            System.Environment.ExitCode = 101;
        }
    }
}


System.Object
   System.Security.CodeAccessPermission
    System.Security.Permissions.RegistryPermission

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0

Community Additions

ADD
Show:
© 2014 Microsoft